Updated on 2024-03-15 GMT+08:00

Adding a Certificate

Scenarios

To enable authentication for securing data transmission over HTTPS, ELB allows you to bind certificates to HTTPS listeners of a load balancer.

  • Server certificate: You can purchase a certificate from SSL Certificate Manager (SCM) or upload your own certificates.
  • CA certificate: You can only upload your own CA certificates.

If you want to use the same certificate in two regions, you need to create a certificate in each region.

Adding a Server Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, click the region selector and select the desired region and project.
  3. Hover over the icon in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Click Add Certificate in the upper right corner and set parameters by referring to Table 1.
    Table 1 Server certificate parameters

    Parameter: Certificate Type
    Description: Specifies the certificate type.
    • Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
    • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
    Example Value: Server certificate

    Parameter: Source
    Description: Specifies the source of a certificate. You can purchase a certificate from SCM or upload your own certificates.
    • SCM certificate: server certificate provided by SCM. You need to buy a certificate or upload your own certificate on the SCM console.
    • Your certificate: You need to upload the certificate content and private key of your own certificate on the ELB console.
    NOTE: You are advised to use SCM to manage your certificates.
    Example Value: SCM certificate

    Parameter: Certificate
    Description: This parameter is only available for SCM certificates. You can select certificates provided by SCM.
    Example Value: -

    Parameter: Certificate Name
    Description: Specifies the name of your certificate. This parameter is only available for your certificates.
    Example Value: -

    Parameter: Enterprise Project
    Description: Specifies an enterprise project by which cloud resources and members are centrally managed.
    Example Value: default

    Parameter: Certificate Content
    Description: Specifies the content of a certificate. This parameter is only available for your certificates.
    The content must be in PEM format.
    Click Upload and select a certificate. Ensure that your browser is the latest version.
    The format is as follows:

    -----BEGIN CERTIFICATE-----
    Base64-encoded certificate
    -----END CERTIFICATE-----

    Example Value: -

    Parameter: Private Key
    Description: Specifies the private key of a certificate. This parameter is only available for your certificates.
    Click Upload and select a private key. Ensure that your browser is the latest version.
    The value must be an unencrypted private key. The private key must be in PEM format. The format is as follows:

    -----BEGIN PRIVATE KEY-----
    [key]
    -----END PRIVATE KEY-----

    Example Value: -

    Parameter: Domain Name
    Description: The domain name must be specified if the certificate is intended for SNI.
    Only one domain name can be specified for each certificate, and the domain name must be the same as that in the certificate.
    Example Value: -

    Parameter: Description
    Description: (Optional) Provides supplementary information about the certificate.
    Example Value: -

Adding a CA Certificate

  1. Log in to the management console.
  2. In the upper left corner of the page, click the region selector and select the desired region and project.
  3. Hover over the icon in the upper left corner to display Service List and choose Networking > Elastic Load Balance.
  4. In the navigation pane on the left, choose Certificates.
  5. Click Add Certificate in the upper right corner and set parameters by referring to Table 2.
    Table 2 CA certificate parameters

    Parameter: Certificate Type
    Description: Specifies the certificate type.
    • Server certificate: used for SSL handshake negotiations if an HTTPS listener is used. Both the certificate content and private key are required.
    • CA certificate: issued by a certificate authority (CA) and used to verify the certificate issuer. If HTTPS mutual authentication is required, HTTPS connections can be established only when the client provides a certificate issued by a specific CA.
    Example Value: CA certificate

    Parameter: Certificate Name
    Description: Specifies the name of the CA certificate.
    Example Value: -

    Parameter: Enterprise Project
    Description: Specifies an enterprise project by which cloud resources and members are centrally managed.
    Example Value: default

    Parameter: Certificate Content
    Description: The content must be in PEM format.
    Click Upload and select a certificate. Ensure that your browser is the latest version.
    The format is as follows:

    -----BEGIN CERTIFICATE-----
    Base64-encoded certificate
    -----END CERTIFICATE-----

    Example Value: -

    Parameter: Description
    Description: (Optional) Provides supplementary information about the certificate.
    Example Value: -

  6. Click OK.
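
The Certificate Content and Private Key parameters in both tables require PEM input, and the private key must be unencrypted. The following pre-upload check is an added example, not part of the ELB documentation or tooling; the names check_pem, make_pem and SAMPLES are hypothetical, and treating only the two labels shown on this page as expected is an assumption of the example. It checks file structure only, not whether the key matches the certificate or the domain name.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, optional RFC 1421 headers, Base64 body, END line.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def check_pem(text, kind):
    """Return a list of problems; kind is "certificate" or "key"."""
    want = "CERTIFICATE" if kind == "certificate" else "PRIVATE KEY"
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no PEM block found (DER or another binary format?)"]
    problems = []
    for label, body in blocks:
        # PKCS#8 marks encryption in the label, legacy keys in a header.
        if "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
            problems.append("private key is encrypted")
        elif label != want:
            problems.append(f"label '{label}' is not '{want}'")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append("body is not valid Base64")
                continue
            # Certificates and PKCS#8 keys are DER SEQUENCEs (tag 0x30).
            if not der.startswith(b"\x30"):
                problems.append("decoded body is not a DER SEQUENCE")
    return problems


def make_pem(label, payload, headers=""):
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"


# Constructed samples: placeholder bytes, not real certificates or keys.
FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(32))
LEGACY_HDR = "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
SAMPLES = {
    "cert": make_pem("CERTIFICATE", FAKE_DER),
    "key": make_pem("PRIVATE KEY", FAKE_DER),
    "pkcs8_encrypted": make_pem("ENCRYPTED PRIVATE KEY", FAKE_DER),
    "legacy_encrypted": make_pem("RSA PRIVATE KEY", FAKE_DER, LEGACY_HDR),
}
```

An empty list from check_pem means the file has the shape shown in the tables; any other result names what to fix before uploading.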